- Jan 24, 2018
-
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
-
Matt Caswell authored
This just adds the various extension functions. More changes will be required to actually use them. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5153)
-
Richard Levitte authored
We incorrectly assumed that explicit dependencies meant that the source directory would be added for inclusion. However, if the dependent file is generated, it's stored in the build directory, and that should be used for inclusion rather than the source directory. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5153)
-
Richard Levitte authored
This ensures that only one set of includes is associated with each object file, reagardless of where it's used. For example, if apps/build.info has this: SOURCE[openssl]=foo.c INCLUDE[openssl]=.. ../include and test/build.info has this: SOURCE[footest]=../apps/foo.c INCLUDE[footest]=../include The inclusion directories used for apps/foo.o would differ depending on which program's dependencies get generated first in the build file. With this change, all those INCLUDEs get combined into one set of inclusion directories tied to the object file. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5153)
-
- Jan 23, 2018
-
-
Pauli authored
Support added for these two digests, available only via the EVP interface. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5093)
-
Richard Levitte authored
EVP_PKEY_asn1_find_str() would search through standard asn1 methods first, then those added by the application, which EVP_PKEY_asn1_find() worked the other way around. Also, EVP_PKEY_asn1_find_str() didn't handle aliases. This change brings EVP_PKEY_asn1_find_str() closer to EVP_PKEY_asn1_find(). Fixes #5086 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5137)
-
Richard Levitte authored
This reverts commit d85722d3 . Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5137)
-
Benjamin Kaduk authored
The 'loop' variable is only used if EC is available. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5149)
-
Rich Salz authored
Thanks to Nicolas Schodet for pointing this out. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5141)
-
Richard Levitte authored
Since libssl requires libcrypto and libcrypto.pc already has Libs.private set exactly the same, there's no reason to repeat it in libssl.pc. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5134)
-
Richard Levitte authored
Even -pthread gets treated that way. The reason to do this is so it ends up in 'Libs.private' in libcrypto.pc. Fixes #3884 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5134)
-
- Jan 22, 2018
-
-
Richard Levitte authored
Fixes #5143 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5144)
-
Rich Salz authored
Thanks to David Vernet for reporting this. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5140)
-
Richard Levitte authored
That inclusion turned out to be completely unnecessary [extended tests] Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5136)
-
Rich Salz authored
Based on code from Matthias Ballreich, Steve Henson, and Wolf Tobias. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4724)
-
Richard Levitte authored
This includes unnecessary use of the top as inclusion directory Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5132)
-
Matt Caswell authored
Fixes #5090 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5097)
-
Matt Caswell authored
An index.txt entry which has an empty Subject name field will cause ca to crash. Therefore check it when we load it to make sure its not empty. Fixes #5109 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5114)
-
Matt Caswell authored
Misconfiguration (e.g. an empty policy section in the config file) can lead to an empty Subject. Since certificates should have unique Subjects this should not be allowed. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5114)
-
- Jan 21, 2018
-
-
Bernd Edlinger authored
./config -DOPENSSL_NO_SECURE_MEMORY Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5113)
-
- Jan 20, 2018
-
-
Richard Levitte authored
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5121)
-
Richard Levitte authored
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5094)
-
- Jan 19, 2018
-
-
Benjamin Kaduk authored
Note the reasons, including streaming output issues and key/iv/nonce management issues. Recommend the use of cms(1) instead. Fixes #471. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5048)
-
Richard Levitte authored
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5110)
-
Bernd Edlinger authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5108)
-
Richard Levitte authored
On Windows, we sometimes see a behavior with SO_REUSEADDR where there remains lingering listening sockets on the same address and port as a newly created one. To avoid this scenario, we don't create a new proxy port for each new client run. Instead, we create one proxy socket when the proxy object is created, and close it when destroying that object. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5095)
-
- Jan 18, 2018
-
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5060)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5060)
-
Richard Levitte authored
Because OPENSSL_SYS_CYGWIN will keep OPENSSL_SYS_UNIX defined, there's no point having checks of this form: #if (defined(OPENSSL_SYS_UNIX) || defined(OPENSSL_SYS_CYGWIN)) Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5060)
-
Richard Levitte authored
More to the point, Cygwin is a POSIX API. In our library, the use of a POSIX API is marked by defining the macro OPENSSL_SYS_UNIX. Therefore, that macro shouldn't be undefined when building for Cygwin. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5060)
-
Richard Levitte authored
On Windows, we sometimes see a behavior with SO_REUSEADDR where there remains lingering listening sockets on the same address and port as a newly created one. An easy solution is not to use ReuseAddr on Windows. Thanks Bernd Edlinger for the suggestion. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5103)
-
Jakub Jelen authored
CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4861)
-
- Jan 17, 2018
-
-
Richard Levitte authored
On Windows, it seems that doing so in a forked (pseudo-)process sometimes affects the parent, and thereby hides all the results that are supposed to be seen by the running test framework (the "ok" and "not ok" lines). It turns out that our redirection isn't necessary, as the test framework seems to swallow it all in non-verbose mode anyway. It's possible that we did need this at some point, but the framework has undergone some refinement since then... Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5100)
-
Richard Levitte authored
We use the first we can of the following IO::Socket modules to create sockets: - IO::Socket::INET6 - IO::Socket::IP - IO::Socket::INET The last of them doesn't support IPv6, so if that's the one available, we must force the s_client and s_server processes to use IPv4. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5092)
-
- Jan 16, 2018
-
-
Paul Yang authored
Because the related PR/commits are merged in 2018... Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4976)
-
Paul Yang authored
To avoid check failure, make dummy RETURN VALUES sections in the docs which have no real functions decribed inside... Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4976)
-
Paul Yang authored
All missing sections are added. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4976)
-
Matt Caswell authored
I received this error from a TLSProxy test: Failed to start up server (localhost,4443): Transport endpoint is not connected So, extend the timeout before we give up trying to connect to the server. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5088)
-
Matt Caswell authored
Commit 9f944291 changed the semantics of BN_copy() to additionally copy the BN_FLG_CONSTTIME flag if it is set. This turns out to be ill advised as it has unintended consequences. For example calling BN_mod_inverse_no_branch() can sometimes return a result with the flag set and sometimes not as a result. This can lead to later failures if we go down code branches that do not support constant time, but check for the presence of the flag. The original commit was made due to an issue in BN_MOD_CTX_set(). The original PR fixed the problem in that function, but it was changed in review to fix it in BN_copy() instead. The solution seems to be to revert the BN_copy() change and go back to the originally proposed way. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5080)
-